Join us to prepare for today's and tomorrow's threat landscape. There is no cost to attend.
Earn 6 CPE credits.

New York City, NY: Agenda

8:00 am

Registration and Continental Breakfast

9:00 am

The Threat Landscape: Building the Right Threat Model & Controls

Speaker: Rick Holland, Forrester

You want to keep a pulse on the constantly evolving threat landscape, but chasing the latest threats can leave you feeling ever more exposed. Rick Holland, Forrester's Senior Research Analyst, IT Security & Risk, will provide an in-depth view of the changing threat landscape, including the top 5 threat vectors most organizations are not prepared for. More importantly, Rick will share a framework for developing an effective risk model and set of controls, so you can be prepared to mitigate risk, no matter what the latest threat.

More than 50% of businesses are moving to the cloud and using cloud services to drive increased productivity and reduce operational costs. In addition, a recent survey showed that 30% of employees are already using personal cloud services, such as Dropbox and Evernote, to store work-related documents. In this session, Lee Weiner, SVP of Products & Engineering at Rapid7, will discuss the rise of cloud services and the impact this trend is having on organizations' security. This session will cover how gaining visibility into and monitoring of cloud services can enable you to embrace them and better manage the risk.

The soundest plan in the world falls apart without proper follow-through. This session examines what it takes to close the loop between security and IT, ensuring that you can both monitor and assess where security controls stand, and that you can implement and verify action plans with IT teams. Security professionals will talk about their tactics in monitoring the effectiveness of their security controls and action plans, as well as how they communicate key requirements to IT. You'll hear first-hand best practices in navigating the changing security landscape and in keeping security plans adaptable, actionable, and verifiable.

You don't need to read far into the headlines to realize that users represent the single largest security risk to organizations today. While user behavior represents the weakest link in your infrastructure and no singular security solution exists that can lock it down, there are techniques that you can put in place to gain visibility into your user risk and monitor risky behavior. Learn how one organization is addressing this issue and see how Rapid7 UserInsight can help you manage the largest and fastest growing risk in your security sphere.

Get the inside scoop on attackers' tricks of the trade and learn how they're planning on attacking you. Stay steps ahead of potential attackers by learning their tactics. This session will examine in depth how attackers try to infiltrate your network, and how you can use your own arsenal of tools, like penetration tests, to model potential attacks. Additionally, this session will get you thinking beyond just the state of patched or unpatched vulnerabilities and will help you put threats into the context of your network environment and your user network, so you know what's important to keep an eye on when predicting potential attackers' threat vectors.

An effective Vulnerability Management program is a cornerstone of your security program, but your program needs to continue to evolve to address the latest threats and requirements. Turning the data from vulnerability assessment is the key to reducing risk in your environment and ensuring compliance for standards, including the new requirements of PCI 3.0. This session will provide a set of best practices for ensuring your Vulnerability Management program provides actionable visibility and risk reduction for your organization and will help you understand the new PCI 3.0 requirements.

2:00 pm

Tips & Tricks Training

Get the most out of your Metasploit Pro deployment with our special Tips & Tricks session, led by our expert Professional Services team. They'll help you configure Metasploit to import Nexpose and third-party data so you can validate vulnerabilities, learn how to leverage Metasploit's powerful social engineering and phishing capabilities, and tie your results to third-party systems in your enterprise.

Speakers

Rick Holland, Forrester

Topic: The Threat Landscape: Building the Right Threat Model & Controls

Rick Holland is a senior analyst at Forrester Research, where he serves Security & Risk Professionals. Rick works with senior information security leadership, providing strategic guidance on security architecture, security operations, and data privacy. His research focuses on incident response, threat intelligence, and email and web content security, as well as virtualization security. He is regularly quoted in the media and is a frequent guest lecturer at the University of Texas at Dallas.

Lee Weiner, Rapid7

Topic: Securing the Cloud

Lee Weiner is responsible for leading the direction and delivery of Rapid7's entire product portfolio, including its award-winning solution Nexpose. In this role, he also identifies new opportunities to help Rapid7's customers solve the complex security challenges they face. Lee has over 15 years' experience in high-technology, most recently leading the customer care products group at LogMeIn, driving engineering, product management, and product marketing. He has also held leadership roles at software security firms including Netegrity, IMlogic, and Symantec Corporation. He holds a bachelor of arts from the University of Massachusetts.

Chad Currier, Cardinal Innovations Healthcare Solutions

Topic: Gaining Command and Insight Into Your Security Controls

Chad Currier is the IT Infrastructure Director of Cardinal Innovations Healthcare Solutions. Chad has more than 15 years' experience in information security and infrastructure management. Chad and his team of engineers are responsible for the development, implementation, and support of the corporate information security program, which includes both the physical and application layers. Chad is currently completing his MS in Computer Science from the University of North Carolina Charlotte.

Paul Drapeau, Principal Security Engineer, Vertex Pharmaceuticals Inc

Topic: Error Between Keyboard and Chair

Paul Drapeau leads all aspects of the IT security practice for a global biotechnology company. His responsibilities include security architecture, engineering and operations, IT security policy and procedure, incident response, vulnerability management, and internal security testing. Paul has held IT and security roles for approximately 15 years with prior experience in networking and IT operations. As an independent consultant he has helped companies in various industries find, analyze and solve technology security issues. He has a BS in Computer Science from the University of Rhode Island and is an Offensive Security Certified Professional. Paul is a frequently invited speaker at pharmaceutical industry conferences on the topics of IT and information security in the industry.

Michael Belton, Rapid7

Topic: The Attacker's Playbook

With over 15 years of experience in information security, Michael Belton has seen the threat landscape change from simple tools and motivations to highly focused multi-vector attacks. During his career, Michael has worked in full-service security service shops performing network and application penetration tests, governance and compliance analysis, incident response and more.

Ryan Poppa, Rapid7

Topic: Effective Vulnerability Management

Ryan Poppa is the Product Manager for Nexpose, Rapid7's leading Vulnerability Management solution. Ryan works with customers to drive great products that align with making security processes and programs easier. Ryan has spent more than a decade in various roles in information security as a security analyst, vulnerability researcher, and security best practices consultant. On top of all of this, he once fought a bear with his bare hands and lost. This experience gives Ryan deep insight and security understanding which he now brings to building great products.

Tas Giakouminakis, Rapid7

Topic: Gaining Command and Insight Into Your Security Controls

Tas has been part of the Matthews and Devine team since 1990. He helped form Percussion Software in 1994 where he led the server development of Notrix, Percussion's first product. In addition, he led the server development team for Rhythmyx, Percussion's Enterprise Content Management system. Tas left Percussion to launch Rapid7 in 1998. Prior to his recent experiences, he worked in the financial services sector, developing software in the security and risk areas for CitiCorp.

Matt Hathaway, Rapid7

Topic: Error Between Keyboard and Chair

Matt Hathaway is a senior product manager at Rapid7, leading the direction for one of the Company's new product lines. Prior to joining Rapid7, Matt was a member of the Office of the CTO (OCTO) and product management teams for RSA. He has been working in security and IT for 12 years and has experienced both sides of the fence. He has a BSc in Computer Engineering and an MBA from Northeastern University.